Details of VAR-201112-0340

ID

VAR-201112-0340

CVE

CVE-2011-4680

TITLE

vtiger CRM Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2011-003300

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Attackers can build malicious web pages, entice users to parse, get sensitive information, or hijack user sessions. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to vtiger CRM 5.2.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information

Trust: 2.7

sources: NVD: CVE-2011-4680 // JVNDB: JVNDB-2011-003300 // CNVD: CNVD-2011-5252 // BID: 51023 // IVD: 57d70116-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52625

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 57d70116-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5252

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	eq	version:	4.2	Trust: 2.5
vendor:	vtiger	model:	crm	scope:	eq	version:	4.2.4	Trust: 2.5
vendor:	vtiger	model:	crm	scope:	eq	version:	5.0.3	Trust: 2.5
vendor:	vtiger	model:	crm	scope:	eq	version:	5.0.4	Trust: 2.5
vendor:	vtiger	model:	crm	scope:	eq	version:	5.2.1	Trust: 1.6
vendor:	vtiger	model:	crm	scope:	eq	version:	5.1.0	Trust: 1.6
vendor:	vtiger	model:	crm	scope:	eq	version:	5.0.2	Trust: 1.6
vendor:	vtiger	model:	crm	scope:	lte	version:	5.1.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	3	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	2.1	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	4.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	4	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	3.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	2.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	1.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	3.2	Trust: 1.0
vendor:	vtiger	model:	crm rc	scope:	eq	version:	5.0.4	Trust: 0.9
vendor:	vtiger	model:	rc	scope:	eq	version:	5.0.4	Trust: 0.9
vendor:	vtiger crm	model:	-	scope:	eq	version:	4	Trust: 0.8
vendor:	vtiger	model:	crm	scope:	lt	version:	5.2.0	Trust: 0.8
vendor:	vtiger crm	model:	-	scope:	eq	version:	4.2	Trust: 0.6
vendor:	vtiger	model:	crm	scope:	eq	version:	5	Trust: 0.6
vendor:	vtiger crm	model:	-	scope:	eq	version:	3.0	Trust: 0.4
vendor:	vtiger crm	model:	-	scope:	eq	version:	5.0.4	Trust: 0.4
vendor:	vtiger	model:	crm	scope:	ne	version:	5.3	Trust: 0.3
vendor:	vtiger	model:	crm	scope:	ne	version:	5.2.1	Trust: 0.3
vendor:	vtiger	model:	crm	scope:	ne	version:	5.2	Trust: 0.3
vendor:	vtiger crm	model:	-	scope:	eq	version:	1.0	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	2.0	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	2.0.1	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	2.1	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	3	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	3.2	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	4.0	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	4.0.1	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	4.2.4	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	5.0.0	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	5.0.2	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	5.0.3	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	5.1.0	Trust: 0.2
vendor:	vtiger crm	model:	-	scope:	eq	version:	5.2.1	Trust: 0.2

sources: IVD: 57d70116-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5252 // BID: 51023 // JVNDB: JVNDB-2011-003300 // CNNVD: CNNVD-201112-081 // NVD: CVE-2011-4680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4680
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4680
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201112-081
value:	MEDIUM
Trust: 0.6
IVD:	57d70116-2354-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-52625
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4680
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	57d70116-2354-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-52625
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 57d70116-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52625 // JVNDB: JVNDB-2011-003300 // CNNVD: CNNVD-201112-081 // NVD: CVE-2011-4680

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-52625 // JVNDB: JVNDB-2011-003300 // NVD: CVE-2011-4680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-081

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201112-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003300

PATCH

title:	Jan2011:ODUpdate	url:	http://wiki.vtiger.com/index.php/Jan2011:ODUpdate	Trust: 0.8
title:	Patch for vtiger CRM Cross-Site Scripting Vulnerability (CNVD-2011-5252)	url:	https://www.cnvd.org.cn/patchInfo/show/6258	Trust: 0.6
title:	vtigercrm-521-530-patch	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41995	Trust: 0.6
title:	vtigercrm-5.3.0	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41994	Trust: 0.6
title:	vtigercrm-5.3.0	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41993	Trust: 0.6

sources: CNVD: CNVD-2011-5252 // JVNDB: JVNDB-2011-003300 // CNNVD: CNNVD-201112-081

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4680	Trust: 3.6
db:	CNNVD	id:	CNNVD-201112-081	Trust: 0.9
db:	CNVD	id:	CNVD-2011-5252	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-003300	Trust: 0.8
db:	BID	id:	51023	Trust: 0.4
db:	IVD	id:	57D70116-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-52625	Trust: 0.1

sources: IVD: 57d70116-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5252 // VULHUB: VHN-52625 // BID: 51023 // JVNDB: JVNDB-2011-003300 // CNNVD: CNNVD-201112-081 // NVD: CVE-2011-4680

REFERENCES

url:	http://wiki.vtiger.com/index.php/jan2011:odupdate	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4680	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4680	Trust: 0.8
url:	http://wiki.vtiger.com/index.php/jan2011	Trust: 0.6
url:	www.vtiger.de	Trust: 0.3

sources: CNVD: CNVD-2011-5252 // VULHUB: VHN-52625 // BID: 51023 // JVNDB: JVNDB-2011-003300 // CNNVD: CNNVD-201112-081 // NVD: CVE-2011-4680

CREDITS

Unknown

Trust: 0.3

sources: BID: 51023

SOURCES

db:	IVD	id:	57d70116-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-5252
db:	VULHUB	id:	VHN-52625
db:	BID	id:	51023
db:	JVNDB	id:	JVNDB-2011-003300
db:	CNNVD	id:	CNNVD-201112-081
db:	NVD	id:	CVE-2011-4680

LAST UPDATE DATE

2025-04-11T23:04:15.576000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-5252	date:	2011-12-14T00:00:00
db:	VULHUB	id:	VHN-52625	date:	2018-10-30T00:00:00
db:	BID	id:	51023	date:	2011-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2011-003300	date:	2011-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201112-081	date:	2011-12-08T00:00:00
db:	NVD	id:	CVE-2011-4680	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	57d70116-2354-11e6-abef-000c29c66e3d	date:	2011-12-14T00:00:00
db:	CNVD	id:	CNVD-2011-5252	date:	2011-12-14T00:00:00
db:	VULHUB	id:	VHN-52625	date:	2011-12-07T00:00:00
db:	BID	id:	51023	date:	2011-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2011-003300	date:	2011-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201112-081	date:	2011-12-08T00:00:00
db:	NVD	id:	CVE-2011-4680	date:	2011-12-07T19:55:02.470